Silo Busting 71: Incident Response Right Now with Tab Bradshaw and Sam Rehman
“Be prepared” is a workable motto, if you’re a Boy Scout. But if you’re in the cybersecurity world, you need some more specifics. And specifics are what you get when you talk with an incident response specialist like Tab Bradshaw, Chief Operating Officer at Redpoint Cybersecurity. Alongside our own cyber specialist Sam Rehman, EPAM’s CISO and SVP, the two chew the digital fat about what being prepared truly means now and how you should communicate that message to your clients, colleagues and, of course, counsel.
Bradshaw says that IR is preparation. It’s about constantly asking: “How often do you prepare in your organization, at a technical level, at an executive level, to handle some sort of incident?”
Rehman notes that the perception among some clients is that being IR-ready is enough. “That's not the case. It's a muscle. It's emotion. It's how you work. It's how you react.”
Bradshaw says that the chaos of IR can be controlled with “communication and coordination. Someone has to be the quarterback.” A tabletop exercise, for instance, needs to be a live fire exercise: “Doing it once a year is not good.” Too many organizations treat IR as a checklist, which is a mistake. “It's a living, cross-functional discipline,” says Bradshaw, “that evolves with the threat landscape externally, obviously, and also internally as people you know move.”
